Please publish sdist to PyPI

[bollwyvl]

While .whl are preferred by pip users, having the canonical .tar.gz makes downstream packaging more predictable (a la bernhard-42/jupyter-cadquery#38).

On some other projects, I have been:

• building the sdist and bdist_wheel in CI
• immediately running twine check on the files
• capturing the distributions cryptographic identity with cd dist && sha256sums * > SHA256SUMS
• uploading those as CI artifacts
• testing against those (instead of in-tree)
  • for lab extensions, the first step is something akin to:

      run: |
        jupyter labextension list
        jupyter labextension list 1>labextensions 2>&1
        cat labextensions | grep "my-lab-npm-package.*OK.*my_py_module"

Then, when release time comes around, you'd:

• download the master builds off CI
• verify those hashes one more time
• dump them in a tag/release in the web ui
• twine upload them
• verify the hashes on PyPI

This leaves a nice trail of validation, and reduces weird packaging surprises from being built on the magic build computer.

[bernhard-42]

Thanks @bollwyvl , sdist is on pypi now and I changed my Makefile to also create sdist and upload it

[bollwyvl]

Awesome. Still having issues down in the CMake weeds on conda-forge/cadquery-feedstock#4 but capturing all the little pieces helps.